Password Recovery
Moderator: Game Administrators
This is getting really frustrating. If your account has repeated failed logon attempts, FT changes that password and emails it to you in whatever language the person who tried to break in has their app set to.
SO FAR.
Spanish.
Russian.
English.
I've an idea who they are too.
Mostly Russian break-in attempts. Can we change this? Can FT not reset passwords BECAUSE of failed logon attempts?
Re: Password Recovery
Another Russian attempt. Password changed again by FT servers. If this is a legitimate tactic...
Re: Password Recovery
And again. Russian.
This is a really great way to illegitimately lock people out of an account. Any replies to this would be great. A change would be great.
Re: Password Recovery
Interesting.
You do not explicitly mention the reason why you are complaining about these mechanics - account sharing!
In FT, every account is meant to belong to ONE Person, the OWNER. This is the person who has access to the email address that is attached to the character.
So if any person (normally, it should be YOU) does not remember his password, he can start the recovery process.
In the beginning, the System did not change the password during that process. This has led to big issues of account stealing. So compbatant changed that.
The current mechanics are meant to protect people. If - as a side effect - account sharing is made more complicated, creator's intention is emphasized.
Retired Game Admin (GM)
For contact with staff, please send a PM to GM Inbox
Useful Links:
- Forum Rules | Game Rules
- Game Help | Monster list | Item list
Re: Password Recovery
Arachnia wrote:
> Interesting.
> You do not explicitly mention the reason why you are complaining about these mechanics - account sharing!

I did mention the reason why I was complaining. People tapping on the recovery option 3 times plus a day. If you want, without going into detail here, I could lock you or anyone else out of playing the game for as long as I wanted to.

Arachnia wrote:
> In FT, every account is meant to belong to ONE Person, the OWNER. This is the person who has access to the email address that is attached to the character.

Agreed, have never considered debating such.

Arachnia wrote:
> So if any person (normally, it should be YOU) does not remember his password, he can start the recovery process.

That's how it should be used. Yes. But it's not used like that. This is why I have posted proposing change.

Arachnia wrote:
> In the beginning, the System did not change the password during that process. This has led to big issues of account stealing. So compbatant changed that.

It should've stayed that way. There's a reason why most other places don't change the password upon recovery. At least most MMOs I've played just recover the account and let you edit the password once you've been emailed it.

Arachnia wrote:
> The current mechanics are meant to protect people. If - as a side effect - account sharing is made more complicated, creator's intention is emphasized.

I'm not talking about account sharing in the slightest causing problems. This system can be used to protect people, sure. But it's far easier to just stop someone from playing the game by using this system. The side effect doesn't make account sharing difficult. At all. The side effect is completely stopping someone from playing. For as long as you desire.
Re: Password Recovery
Interesting. Don't know about that.
Regular password resetting annoys the account's owner.
And on the other hand, according to the rules of the game, players should use safe passwords.
Paragraph 1 of the game rules says "A password is considered safe, when it has at least 8 characters and includes both numbers and letters."
A player can use a safe password, which includes more than 8 numbers and letters.
But at any moment another player can reset this safe password to a password which includes only 6 numbers. Such a password is easier to hack.
GAME TRANSLATOR: RUSSIAN РУССКИЙ
GAME MASTER (GM)
Re: Password Recovery
we should make it longer, yes. 10 digits will be safe again. millions of guesses needed and the server will recognize it early enough
reason: you are correct with pw safety here.
though it was meant as a short-time password due to the reset process by the owner.
as mentioned, it can be abused a bit... 3x per day are fine imo... we can reduce it to 1x per day, too.
but we have our reasons to give the players the option to reset it and also, that the pw will be changed. it avoids sharing and trading, which is a big issue for the team all day long. tbh, 80% of my time for FT, i talk to players, who "forgot" their passwords or got their chars stolen etc.
Forum Admin and Gamemaster
Useful links: Forum Rules | Game Rules | Items | Quests | Monsters
Spoken languages: English, German
Re: Password Recovery
Limiting the reset still isn't a good idea. Because the pw still changes and you can still use it to annoy someone awesomely. During key points of a battle.
I'm not talking here about account sharing at all. Nor the impacts this system has on account sharing. Which isn't too high anyway imo. The stats on acc theft are probably lower though. That's for a different thread though.
I'm focusing on how one can abuse the current system that changes someone's password and how it's used maliciously. I'm debating that it shouldn't change the password to a series of numbers.
- It can be used repeatedly to lock someone out at present. Be it for malicious means or for "the lulz"
- Changing it to purely numbers isn't safe. At all.
- Even at 3x a day if that goes in. It's 3x a day someone can make their enemy login slower. It could be a crucial point of a battle for instance.
If the pw isn't changed by FT servers and instead the current password of that account is just emailed to the correct email, everything above becomes irrelevant.
- You cannot lock someone out indefinitely.
- You cannot make someone log in slower 3x a day during a crucial point in a battle (if the 3x thing went through)
- It isn't changed to purely numbers. Which is unsafe even at 8 to 10 digits.
If you want to delve into the topic of sharing. Having an email account attached to a FT account makes it more likely for someone to share. Password recovery, whether the server changes the password or not, means more people will share. This doesn't actually stop it. It actually promotes the idea "I will be able to get my account back no matter what". All it hinders is selling.
Re: Password Recovery
> Limiting the reset still isn't a good idea. Because the pw still changes and you can still use it to annoy someone awesomely. During key points of a battle.

if we reduce to 1/day, it cannot be annoying imo. and "during key points of a battle" you are logged in, aren't you? so no harm done, too.
though we could erase the option to give the name. instead, you have to know the mail.

> - It can be used repeatedly to lock someone out at present. Be it for malicious means or for "the lulz"

if it's limited to 1 time per day, again no issue imo.

> - Changing it to purely numbers isn't safe. At all.

correct, if server would not log things but we will enlarge the number count, too. why only numbers? we do not know the keyboard language of the players, so we reset to numbers only.

> If the pw isn't changed by FT servers and instead the current password of that account is just emailed to the correct email, everything above becomes irrelevant.

sorry, but that is not an option due to account sharing and trading issues

> - It isn't changed to purely numbers. Which is unsafe even at 8 to 10 digits.

10 digits are 10000 million guesses... that is enough

> If you want to delve into the topic of sharing. Having an email account attached to a FT account makes it more likely for someone to share. Password recovery, whether the server changes the password or not, means more people will share. This doesn't actually stop it. It actually promotes the idea "I will be able to get my account back no matter what". All it hinders is selling.

we thought through it in great detail. 1st issue: account trading. but then, account sharing goes up, correct. we also do not want this. so we change pw. that is it. nothing to change here.
Re: Password Recovery
> if we reduce to 1/day, it cannot be annoying imo. and "during key points of a battle" you are logged in, aren't you? so no harm done, too.

Harm done. We die at times. 1/daily isn't implemented yet. If that was implemented then no. No harm done really at all. But currently. Doesn't matter if you're logged in. Under the current system once you die and people are abusing this. Good luck getting on.

> though we could erase the option to give the name. instead, you have to know the mail.

That would probably work a lot better than being able to give a logon name. That would probably solve the issue completely. If the current system of FT remains at changing the pw to a series of numbers.

> if it's limited to 1 time per day, again no issue imo.

Has it been set to 1/day? If it hasn't then it's still an issue. However as mentioned by you. If only an email is accepted before recovery begins. 0 issues.

> correct, if server would not log things but we will enlarge the number count, too. why only numbers? we do not know the keyboard language of the players, so we reset to numbers only.

I get Russian emails. Spanish emails. English emails. All for account recovery. So it looks like the language of the email depends on the language setting in the apk of whoever made the request. And good point I suppose. So why not throw in some punctuation as well? Minor point in all this I guess.

> sorry, but that is not an option due to account sharing and trading issues

Why? Why can't it be an option? If the idea of not removing the ability to recover by typing in a logon. Or not implementing a 3x per day recovery. How does emailing a random numbered password differ from emailing the current password of the account being recovered?
If it's being recovered by the owner of the email regardless of sharing, why does it matter if the current password is being emailed and shown over the random numbered password given? Please explain as this makes absolutely no sense to me. Because it doesn't affect the sharing/trading of accounts in the slightest.

> 10 digits are 10000 million guesses... that is enough

0000000000-9999999999 takes me 8 hours to complete while playing Sword Coast Legends or The Witcher 3. Although that's offline with the hash file. I've no idea how many passwords would be accepted by the FT server per second. But definite improvement over a 6 digit number password. Happy as.

> we thought through it in great detail. 1st issue: account trading. but then, account sharing goes up, correct. we also do not want this. so we change pw. that is it. nothing to change here.

Changing the pw on recovery doesn't hinder account sharing. Stops theft a bit more. Well. Email recovery stops permanent theft. But changing the password when a recovery request is made. Doesn't hinder account sharing. Even if they choose to stick with that numbered password or choose to make a new one.
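
Added example (not FT's code and not written by anyone in this thread): the lockout debated above exists because the password changes the moment anyone requests recovery. This Python model keeps the current password valid until a mailed single-use token is redeemed, and applies the 1-per-day request limit proposed in the thread; the class, its method names and the 15-minute token lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60        # assumption: mailed token is valid for 15 minutes
MAX_REQUESTS_PER_DAY = 1   # the 1x/day limit proposed in the thread

class RecoveryService:
    """Hypothetical in-memory model of a recovery flow; not FT's implementation."""
    def __init__(self):
        self.passwords = {}  # account -> (salt, PBKDF2 hash)
        self.tokens = {}     # account -> (sha256 of token, expiry time)
        self.requests = {}   # account -> times of requests in the last 24 h

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, account, password):
        salt = secrets.token_bytes(16)
        self.passwords[account] = (salt, self._hash(password, salt))

    def login(self, account, password):
        salt, stored = self.passwords[account]
        return hmac.compare_digest(stored, self._hash(password, salt))

    def request_recovery(self, account, now=None):
        """Return a token to e-mail to the owner, or None when rate-limited.
        The current password is left untouched, so a stranger cannot lock anyone out."""
        now = time.time() if now is None else now
        recent = [t for t in self.requests.get(account, []) if now - t < 86400]
        self.requests[account] = recent
        if len(recent) >= MAX_REQUESTS_PER_DAY:
            return None
        recent.append(now)
        token = secrets.token_urlsafe(32)  # not digits-only, far larger than 10**10
        digest = hashlib.sha256(token.encode()).digest()
        self.tokens[account] = (digest, now + TOKEN_TTL)
        return token

    def redeem(self, account, token, new_password, now=None):
        """Only the holder of the mailed token can set a new password, once."""
        now = time.time() if now is None else now
        digest, expiry = self.tokens.get(account, (b"", 0))
        given = hashlib.sha256(token.encode()).digest()
        if now >= expiry or not hmac.compare_digest(digest, given):
            return False
        del self.tokens[account]
        self.set_password(account, new_password)
        return True
```
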